3.5 Million Oregonians Personal Information At Risk After Data Hack At DMV

Salem, Ore. — Oregon Department of Transportation (ODOT) has confirmed that it has been affected by a data breach resulting from a global hack targeting the MOVEit Transfer data transfer software. This breach has exposed personal information belonging to approximately 3.5 million individuals holding Oregon ID or driver’s licenses.

ODOT has been utilizing MOVEit Transfer since 2015, a file sharing tool developed and supported by Progress Software Corp. The Cybersecurity and Infrastructure Security Agency issued a zero-day vulnerability alert on June 1, 2023, notifying that MOVEit Transfer had a security flaw that could potentially allow attackers to take control of affected systems.

Immediate action was taken by ODOT to secure its systems, working closely with state cybersecurity services and enlisting the assistance of a third-party security specialist for analysis. The investigation revealed that unauthorized actors had accessed multiple files shared through MOVEit Transfer prior to the security alert.

On June 12, ODOT confirmed that the accessed data contained personal information of approximately 3.5 million Oregonians. While some of this information is publicly available, certain portions are considered sensitive personal data.

ODOT is unable to identify if any specific individual’s data has been compromised. However, individuals with active Oregon ID or driver’s licenses should assume that information related to their identification is part of the breach. To safeguard against potential misuse of this information, affected individuals are advised to take precautionary measures, including accessing and monitoring personal credit reports.

For those who suspect they may have been affected, it is recommended to request a free copy of their credit report from each of the three consumer credit reporting companies, as provided by federal law. These reports can reveal any unfamiliar transactions or accounts. Further guidance on dealing with identity theft can be found on the Federal Trade Commission’s website.

Additionally, affected individuals may choose to request credit file freezes from Equifax, Experian, and TransUnion, the three major credit monitoring agencies.

ODOT has informed law enforcement about the breach and continues to investigate the full extent of the incident. As more information becomes available, affected parties will be duly notified. For further assistance and information, individuals can contact Ask ODOT, the primary point of contact for inquiries, services, and issue resolution with ODOT, via email at [email protected].